--Boundary_(ID_am7AZnNTfX1bi330JgliMg)
Content-type: TEXT/PLAIN; charset=US-ASCII
My host has been abused for flooding with the "smurf-exploit", posted to
bugtraq, so I patched my kernel to do not reply to ICMP_ECHO addressed to
an IP address which doesnt belong to the host (broadcasted pkt).
I recommand to install icmplog included in the iplogger packet, available
at
ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm
to find out if you're abused by smurf to flood..
It produces a lot of syslog entries for every ICMP_ECHO request received,
like...
Oct 16 13:59:53 leto icmplog: ping from clifton.netgates.co.uk
Oct 16 13:59:56 leto icmplog: ping from darkfires.abac.com
Oct 16 13:59:57 leto icmplog: ping from clifton.netgates.co.uk
Oct 16 13:59:59 leto icmplog: ping from darkfires.abac.com
...
simple patch for linux-2.0.30 attached
-therapy
--Boundary_(ID_am7AZnNTfX1bi330JgliMg)
Content-id: <Pine.LNX.3.96.971016142235.1808B@guardian.htu.tuwien.ac.at>
Content-type: TEXT/PLAIN; name=hmm13; charset=US-ASCII
Content-description: icmp broadcast echo patch
Content-disposition: ATTACHMENT; FILENAME=hmm13
Content-transfer-encoding: BASE64
LS0tIGljbXBfb3JpZy5jCVRodSBPY3QgMTYgMTM6NTc6NDggMTk5Nw0KKysr
IGljbXAuYwlUaHUgT2N0IDE2IDEzOjU4OjI2IDE5OTcNCkBAIC0xMTA4LDEy
ICsxMTA4LDkgQEANCiAJCSAqCWJ5IHNvbWUgbmV0d29yayBtYXBwaW5nIHRv
b2xzKS4NCiAJCSAqCVJGQyAxMTIyOiAzLjIuMi44IEFuIElDTVBfVElNRVNU
QU1QIE1BWSBiZSBzaWxlbnRseSBkaXNjYXJkZWQgaWYgdG8gYnJvYWRjYXN0
L211bHRpY2FzdC4NCiAJCSAqLw0KLQkJaWYgKGljbXBoLT50eXBlICE9IElD
TVBfRUNITykgDQotCQl7DQogCQkJaWNtcF9zdGF0aXN0aWNzLkljbXBJbkVy
cm9ycysrOw0KIAkJCWtmcmVlX3NrYihza2IsIEZSRUVfUkVBRCk7DQogCQkJ
cmV0dXJuKDApOw0KLSAgCQl9DQogICAJCS8qDQogICAJCSAqCVJlcGx5IHRo
ZSBtdWx0aWNhc3QvYnJvYWRjYXN0IHVzaW5nIGEgbGVnYWwNCiAgIAkJICoJ
aW50ZXJmYWNlIC0gaW4gdGhpcyBjYXNlIHRoZSBkZXZpY2Ugd2UgZ290DQo=
--Boundary_(ID_am7AZnNTfX1bi330JgliMg)--